Permissions for Running Outside of WP Directory (4 posts)

  1. teflonhobo
    Member
    Posted 9 years ago #

    Hi all – Quick question about permissions/security. I have implemented the technique to post WP articles on a home page outside of the WP directory mentioned here and detailed at:

    http://www.transycan.net/blogtest/2005/07/05/integrate/

    I found in another post that the person had to set the permissions of the 'wp-config.php' file to 644 to get it to work. I also found this out on my own (after struggling – I should have just searched here).

    Anyway, my concern is about the security of this. It appears from some initial testing that the config file is not actually readable (at least going straight to it) in the browser. The reply was that 644 is okay, but I found others that say the default 600 is recommended.

    I wanted to get your expert opinions about this to avoid any possible malicious stuff.

  2. moshu
    Member
    Posted 9 years ago #

    As far as I know, 644 is the default, and I have never heard about any WP blog that has been hacked through the config file. (I never had to change any permissions on the config file: on any decent host 644 is the default for uploaded files.)

  3. teflonhobo
    Member
    Posted 9 years ago #

    @moshu – I'd hoped and thought that was the case. Thanks for the help and clarification.

  4. lxg
    Member
    Posted 9 years ago #

    Even if you "download" the wp-config.php via HTTP, you will get an empty file, as inside this file, there is nothing but some definitions. When parsed by PHP, only echoed/printed output from inside <?php ?> sections arrives at the user.

    It's more critical if others have FTP access to your web space, or if PHP safe mode and/or open_basedir aren't properly configured and others can include() your files.
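An added example, not part of the original thread: a check for the local exposure discussed above, reporting which mode bits on wp-config.php extend access beyond the owner and whether other accounts could traverse the directories leading to it. The function names and the `<account>/public_html/` layout are assumptions made for illustration, and the sample file is constructed.

```python
import os
import stat
import tempfile

def mode_findings(path):
    """Report which permission bits on `path` extend access beyond the owner."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    checks = [
        (stat.S_IRGRP, "group can read"),
        (stat.S_IROTH, "other local users can read"),
        (stat.S_IWGRP | stat.S_IWOTH, "non-owner can write"),
    ]
    return format(mode, "03o"), [msg for bits, msg in checks if mode & bits]

def others_can_reach(path, top):
    """True if every directory from `top` down to `path` grants o+x (traverse)."""
    top = os.path.realpath(top)
    current = os.path.dirname(os.path.realpath(path))
    while True:
        if not os.stat(current).st_mode & stat.S_IXOTH:
            return False          # a closed directory hides even a 644 file
        if current == top:
            return True
        parent = os.path.dirname(current)
        if parent == current:     # hit the filesystem root without meeting `top`
            raise ValueError("path is not inside top")
        current = parent

def demo():
    """Constructed layout: <account>/public_html/wp-config.php (sample file)."""
    results = {}
    with tempfile.TemporaryDirectory() as account:  # stands in for the account dir
        docroot = os.path.join(account, "public_html")
        os.mkdir(docroot)
        os.chmod(docroot, 0o755)
        cfg = os.path.join(docroot, "wp-config.php")
        with open(cfg, "w") as fh:
            fh.write("<?php define('DB_PASSWORD', 'constructed-sample'); ?>\n")
        for file_mode, dir_mode in [(0o644, 0o711), (0o644, 0o700), (0o600, 0o711)]:
            os.chmod(cfg, file_mode)
            os.chmod(account, dir_mode)
            results[(file_mode, dir_mode)] = (mode_findings(cfg), others_can_reach(cfg, account))
    return results

if __name__ == "__main__":
    for (file_mode, dir_mode), outcome in demo().items():
        print(oct(file_mode), oct(dir_mode), outcome)
```

Mode 600 only works when PHP runs as the file's owner; where the web server runs as a separate user, the file needs group or other read access for WordPress to load it.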

Topic Closed

This topic has been closed to new replies.
